In GitLab CE/EE versions 18.4 up to but not including 18.6.6, 18.7 up to but not including 18.7.4, and 18.8 up to but not including 18.8.4 a high severity vulnerability CVE-2026-0958 was detected. This vulnerability allows unauthenticated attackers to cause a denial-of-service condition through memory or CPU exhaustion by bypassing JSON validation middleware limits. To address this issue, users should upgrade GitLab CE/EE to versions 18.6.6, 18.7.4, 18.8.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-0958.
Read more Developer Tools
In Kanboard versions prior to 1.2.50 a medium severity vulnerability CVE-2026-25530 was detected. This vulnerability allows authenticated attackers to access swimlane data from projects they are not authorized to view due to a missing project-level authorization check in the `getSwimlane` API method. To address this issue, users should upgrade Kanboard to version 1.2.50 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25530.
Read more Project Management
In GitLab CE/EE versions 8.0 up to but not including 18.6.6, 18.7 up to but not including 18.7.4, and 18.8 up to but not including 18.8.4 a medium severity vulnerability CVE-2026-1458 was detected. This vulnerability allows unauthenticated attackers to cause a denial-of-service condition by uploading malicious files due to the allocation of resources without limits or throttling. To address this issue, users should upgrade GitLab CE/EE to versions 18.6.6, 18.7.4, 18.8.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1458.
Read more Developer Tools
In GitLab CE/EE versions 18.7 up to but not including 18.7.4 and 18.8 up to but not including 18.8.4 a high severity vulnerability CVE-2026-1456 was detected. This vulnerability allows unauthenticated attackers to cause a denial-of-service through CPU exhaustion by submitting specially crafted Markdown files that trigger exponential processing in the Markdown preview. To address this issue, users should upgrade GitLab CE/EE to versions 18.7.4, 18.8.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1456.
Read more Developer Tools
In GitLab EE versions 15.6 up to but not including 18.6.6, 18.7 up to but not including 18.7.4 and 18.8 up to but not including 18.8.4 a medium severity vulnerability CVE-2026-1387 was detected. This vulnerability allows authenticated attackers to cause a denial-of-service condition by uploading a malicious file and repeatedly querying it through GraphQL due to allocation of resources without limits or throttling. To address this issue, users should upgrade GitLab EE to versions 18.6.6, 18.7.4, 18.8.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1387.
Read more Developer Tools
In Zulip versions 5.0 through before 11.5 a low severity vulnerability CVE-2026-24050 was detected. This vulnerability allows attackers to perform stored cross-site scripting (XSS) via crafted group or channel names in the user profile modal, potentially executing malicious scripts when a user interacts with the affected object. To address this issue, users should upgrade Zulip to version 11.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24050.
Read more Communication
In Kanboard versions prior to 1.2.50 a medium severity vulnerability CVE-2026-24885 was detected. This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) against the `changeUserRole` action in the `ProjectPermissionController` due to improper enforcement of the `application/json` Content-Type, potentially enabling unauthorized modification of project user roles if an authenticated administrator visits a malicious site. To address this issue, users should upgrade Kanboard to version 1.2.50 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-24885.
Read more Project Management
In Gogs versions up to and including 0.13.3 a critical severity vulnerability CVE-2025-64175 was detected. This vulnerability allows attackers to bypass two-factor authentication due to improper scoping of 2FA recovery codes by user, enabling cross-account reuse of valid recovery codes and resulting in full account takeover when a victim’s credentials are known. To address this issue, users should upgrade Gogs to versions 0.13.4, 0.14.0+dev or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-64175.
Read more Developer Tools
In PrestaShop versions prior to 8.2.4 and 9.0.3 a medium severity vulnerability CVE-2026-25597 was detected. This vulnerability allows attackers to perform time-based user enumeration in the front-office login form by measuring response time differences to determine whether a customer account exists. To address this issue, users should upgrade PrestaShop to versions 8.2.4, 9.0.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25597.
Read more E-commerce